package com.hongxia.assetsys.config;


import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.web.filter.InvalidRequestFilter;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.annotation.Resource;
import javax.management.MXBean;

@Configuration
public class ShiroConfig {
    @Resource
    private MyRealm realm; //注入我们自定义的Realm对象

    //解决路径中文报400的问题
    @Bean
    public InvalidRequestFilter invalidRequestFilter(){
        InvalidRequestFilter invalidRequestFilter = new InvalidRequestFilter();
        invalidRequestFilter.setBlockNonAscii(false);
        return invalidRequestFilter;
    }

    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(){
        DefaultWebSecurityManager defaultWebSecurityManager=
                new DefaultWebSecurityManager();
        //创建密码加密对象
        HashedCredentialsMatcher matcher=new HashedCredentialsMatcher();
        //设置加密对象的属性
        matcher.setHashAlgorithmName("md5");
//        matcher.setHashIterations(3);
        //将加密对象  存储到Realm对象中
        realm.setCredentialsMatcher(matcher);
        //将Realm对象 存入 defaultWebSecurityManager对象中
        defaultWebSecurityManager.setRealm(realm);
        //设置remember Me
//        defaultWebSecurityManager.setRememberMeManager(rememberMeManager());
        //返回
        return defaultWebSecurityManager;
    }
    //配置shiro的拦截范围，我们的登录接口肯定是需要放行的
    @Bean
    public DefaultShiroFilterChainDefinition shiroFilterChainDefinition(){
        DefaultShiroFilterChainDefinition definition
                =new DefaultShiroFilterChainDefinition();

        //设置不认证可以访问的资源
        definition.addPathDefinition("/user/login","anon");
        definition.addPathDefinition("/user/register","anon");
        //配置需要拦截的请求范围
//        definition.addPathDefinition("/**","authc");

        return definition;
    }

}
